Flea APT Targets Foreign Ministries with New Backdoor.Graphican
Attack Report. Summary: Flea (APT15) targeted foreign ministries with their new backdoor, Backdoor.Graphican, leveraging Microsoft Graph API and OneDrive for C&C communication. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn. …
Tsunami Botnet Preying on Insufficiently Shielded Linux SSH Servers
Attack Report. Summary: An ongoing hacking campaign has been targeting inadequately secured Linux SSH servers. The objective of this campaign is to deploy the Tsunami DDoS botnet.
Condi Malware Strikes TP-Link Routers for DDoS Rampage
Attack Report. Summary: Condi, a recently discovered malware, utilizes a security vulnerability within TP-Link Archer Wi-Fi routers to ensnare these devices into a botnet specifically designed for launching distributed denial-of-service (DDoS) attacks.
New ChromeLoader Shampoo Campaign Infecting Chrome and Stealing Data
Attack Report. Summary: In the current ChromeLoader Shampoo campaign, users unknowingly download and execute VBScript files from malicious websites. These files trigger a series of PowerShell scripts, leading to the installation of a malicious …
State-Sponsored Hackers Target Middle Eastern and African Governments
Attack Report. Summary: Persistent cyber-espionage attacks, targeting governmental entities in the Middle East and Africa, have been unleashed by a group known as CL-STA-0043. This group has employed unprecedented methods to infiltrate networks.
The Rising Diicot Threat Group with Diverse Attack Capabilities
Attack Report. Summary: A Romanian threat group, “Diicot”, has been actively employing SSH brute-forcing and deploying malware loaders to compromise systems for the purpose of cryptocurrency mining. The campaign involves exploiting OpenWRT systems and …
STORM-1359 DDoS triggered outage of Microsoft Services
Attack Report. Summary: The STORM-1359 group, a.k.a. Anonymous Sudan, recently targeted Microsoft services with a DDoS attack, resulting in the disruption of multiple services.
Mystic Stealer Malware Targeting Browsers, Wallets, and Messaging Platforms
Attack Report. Summary: Mystic Stealer is an advanced information stealer malware known for its low detection rate and code manipulation techniques. It steals sensitive data from browsers, wallets and messaging platforms, posing significant risks …
Cybercriminals Exploit Old Telerik Bug for Data Theft
Attack Report. Summary: APT actors and financially motivated cybercriminals were observed exploiting old Telerik vulnerabilities in an attack targeting a US government agency.
ChamelGang Strikes Again With ChamelDoH Malware XDNS-over-HTTPS
Actor Report. Summary: The Chinese threat group ChamelGang has developed the Linux malware ChamelDoH, which uses DNS-over-HTTPS for encrypted communication with attackers.